const { getUserById } = require('../services/UserService')
const { admin } = require('../utils/userTypes')
const { adminPermission } = require('../utils/permissions')
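/**
 * Express middleware that lets a request continue only when the user behind
 * the session is an administrator holding the admin permission.
 *
 * Fails closed: a missing session, a missing userId, or a userId that does not
 * resolve to a user gets the same 401 response as a user without sufficient
 * permission. An error thrown by the user lookup is passed to next(err)
 * instead of being left as an unhandled promise rejection.
 *
 * @param {object} req - Express request; req.session.userId identifies the caller.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<void>}
 */
module.exports = async (req, res, next) => {
  // NOTE(review): 403 is the conventional status for an authenticated caller
  // who lacks permission; 401 is kept so existing clients see no change.
  const deny = () => {
    res.status(401).json({ message: '权限不足' })
  }

  let user
  try {
    const session = req.session
    const userId = session ? session.userId : undefined
    if (userId === undefined || userId === null) {
      // No authenticated session: never reach the lookup with an empty id.
      deny()
      return
    }
    user = await getUserById(userId)
  } catch (err) {
    // Express versions before 5 do not catch rejections from async handlers,
    // so a failed lookup would otherwise leave the request without a response.
    next(err)
    return
  }

  if (!user) {
    // The session points at a user that does not exist: deny rather than
    // dereference a missing record.
    deny()
    return
  }

  if (user.userType === admin && user.permission === adminPermission) {
    next() // admin permission check passed; hand over to the next middleware
    return
  }

  deny()
}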
